install-github-plugin

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill is designed to clone external repositories and install them as active plugins. By automating the claude plugin install command on untrusted content, it enables the execution of third-party code within the agent's execution context.
  • [EXTERNAL_DOWNLOADS]: The skill clones repositories from user-specified or inferred GitHub locations using the gh CLI.
  • [COMMAND_EXECUTION]: The workflow executes multiple shell commands to manipulate the filesystem and modify the agent's internal configuration in sensitive paths like ~/.claude/.
  • [DATA_EXFILTRATION]: The skill accesses and reads internal configuration files such as known_marketplaces.json and interacts with sensitive plugin directories in the user's home directory.
  • [PROMPT_INJECTION]: This skill serves as a surface for indirect prompt injection.
      • Ingestion points: External GitHub repositories containing SKILL.md files.
      • Boundary markers: None.
      • Capability inventory: gh repo clone, claude plugin install, and filesystem manipulation.
      • Sanitization: None present; the skill trusts and incorporates external metadata from unvetted repositories into its own configuration.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 11, 2026, 01:06 AM